Working with rules

A rule must be modified each time its monitored parameters change. If a change means that the rule's conditions can no longer be fulfilled and the specified action cannot be applied, the given connection may be refused. This can lead to problems with the operation of the application affected by the rule. An example is a change of network address or port number for the remote side.

The upper part of the window contains three tabs:

General – Specify a rule name, the direction of the connection, the action (Allow, Deny, Ask), the protocol and the profile to which the rule will apply.

Local – Displays information about the local side of the connection, including the number of the local port or port range and the name of the communicating application. You can also add a predefined or created zone with a range of IP addresses here by clicking Add.

Remote – This tab contains information about the remote port (port range). It allows you to define a list of remote IP addresses or zones for a given rule. You can also add a predefined or created zone with a range of IP addresses here by clicking Add.

When creating a new rule, you must enter a name for the rule in the Name field. Select the direction to which the rule applies from the Direction drop-down menu and the action to be executed when a communication meets the rule from the Action drop-down menu.

Protocol represents the transfer protocol used for the rule. Select which protocol to use for a given rule from the drop-down menu.

ICMP Type/Code represents an ICMP message identified by a number (for example, 0 represents "Echo Reply").

All rules are enabled for Any profile by default. Alternatively, select a custom firewall profile using the Profile drop-down menu.

If you enable Log, the activity connected with the rule will be recorded in a log. Notify user displays a notification when the rule is applied.

NOTE

Below is an example in which we create a new rule to allow the web browser application to access the network. The following must be configured:

In the General tab, enable outgoing communication via the TCP and UDP protocols.

Add your browser application (for Internet Explorer it is iexplore.exe) in the Local tab.

In the Remote tab, enable port number 80 if you want to allow standard Internet browsing.
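An added example (not part of the original help page and not the product's code): a simplified Python model of comparing a rule's conditions with a connection, showing which condition stops matching when the remote port or address changes. The Rule fields, the conn helper, the remote zone 192.0.2.0/24 and the sample connections are assumptions constructed for illustration; the product's own matching logic is not described on this page.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    """Simplified model; fields mirror the General, Local and Remote tabs."""
    name: str
    direction: str            # General: "out" or "in"
    action: str               # General: "Allow", "Deny" or "Ask"
    protocols: frozenset      # General: e.g. {"TCP", "UDP"}
    application: str          # Local: communicating application
    remote_ports: range       # Remote: port or port range
    remote_zone: tuple = ()   # Remote: networks; empty means any address

def conn(ip, port, proto="TCP", app="iexplore.exe", direction="out"):
    """Build one constructed connection record (hypothetical helper)."""
    return {"direction": direction, "protocol": proto, "application": app,
            "remote_ip": ip, "remote_port": port}

def mismatches(rule, c):
    """Return the names of the rule conditions that connection c does not meet."""
    addr = ipaddress.ip_address(c["remote_ip"])
    in_zone = not rule.remote_zone or any(
        addr in ipaddress.ip_network(n) for n in rule.remote_zone)
    checks = [
        ("direction", c["direction"] == rule.direction),
        ("protocol", c["protocol"] in rule.protocols),
        ("application", c["application"].lower() == rule.application.lower()),
        ("remote port", c["remote_port"] in rule.remote_ports),
        ("remote address", in_zone),
    ]
    return [name for name, ok in checks if not ok]

def audit(rule, connections):
    """Map each connection to the rule's action or to the conditions it failed."""
    report = {}
    for c in connections:
        failed = mismatches(rule, c)
        key = f'{c["remote_ip"]}:{c["remote_port"]}/{c["protocol"]}'
        report[key] = rule.action if not failed else "no match: " + ", ".join(failed)
    return report

# Browser rule from the note above; the remote zone is an added assumption.
BROWSER_RULE = Rule("Allow browser", "out", "Allow", frozenset({"TCP", "UDP"}),
                    "iexplore.exe", range(80, 81), ("192.0.2.0/24",))
# Constructed connections: unchanged, remote port changed, remote address changed.
SAMPLE = [conn("192.0.2.10", 80), conn("192.0.2.10", 8080), conn("198.51.100.7", 80)]
```

Calling audit(BROWSER_RULE, SAMPLE) names the rule field to update for each connection the rule no longer covers.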

NOTE

Please be aware that predefined rules can be modified only in a limited way.